1. Forum
  2. TQWNet
  3. TQW GENTECH

  • Palo Alto Networks says it fixed two major firewall zero-days bei

    From TechnologyDaily@1337:1/100 to All on Friday, November 22, 2024 11:45:05
    Palo Alto Networks says it fixed two major firewall zero-days being used in thousands of attacks

    Date:
    Fri, 22 Nov 2024 11:29:00 +0000

    Description:
    One of the bugs is critical and allows crooks to drop malware, Palo Alto admits.

    FULL STORY ======================================================================Palo Alto Networks releases patch for two serious flaws impacting its firewalls
    The flaws were being abused in the wild to drop malware CISA added them to
    its KEV catalog

    Palo Alto Networks has revealed it fixed two major vulnerabilities plaguing its firewalls .

    The bugs are an authentication bypass in the PAN-OS management web interface (CVE-2024-0012), and a privilege escalation flaw in PAN-OS (CVE-2024-9474). The former has a severity score of 9.3 (critical), and grants crooks the ability to gain admin privileges on the target endpoint, and the latter has a lower score, 6.9 (medium), but helps run commands on the firewall.

    Cybercriminals were chaining the flaws to gain admin privileges and run commands on exposed endpoints, it confirmed. Therefore, users are advised to apply the patches as soon as possible. Added to CISA's KEV

    Palo Alto said it was looking into ongoing attacks in which the two bugs were chained to strike a limited number of device management web interfaces with malware and arbitrary commands.

    "This original activity reported on Nov. 18, 2024 primarily originated from
    IP addresses known to proxy/tunnel traffic for anonymous VPN services," the company said in an advisory. "At this time, Unit 42 assesses with moderate to high confidence that a functional exploit chaining CVE-2024-0012 and CVE-2024-9474 is publicly available, which will enable broader threat activity."

    Both vulnerabilities have since been added to CISAs Known Exploited Vulnerabilities (KEV) catalog, confirming in-the-wild abuse. Federal agencies have until December 9 to patch the bugs, or stop using the affected firewalls altogether.

    Palo Alto said that only a very small number of firewalls is being targeted. However, citing data from the threat monitoring platform Shadowserver, BleepingComputer reported that there are more than 2,700 vulnerable PAN-OS instances.

    Since a working exploit is already available, and evidence of abuse exists, Palo Alto strongly advises its customers to patch up, and restrict access to trusted accounts only.

    "Risk of these issues are greatly reduced if you secure access to the management web interface by restricting access to only trusted internal IP addresses according to our recommended best practice deployment guidelines," the company said.

    Via BleepingComputer You might also like Palo Alto Networks warns users of dangerous security threat affecting firewalls Here's a list of the best free antivirus tools around today These are the best endpoint protection tools right now



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/palo-alto-networks-says-it-fixed-two-ma jor-firewall-zero-days-being-used-in-thousands-of-attacks


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)